X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=board%2Ffreescale%2Fcommon%2Ffsl_validate.c;h=2b723a4b9cb995af5f4398412010aa9dde8387d1;hb=e5f96a872b7da006b55d1fcdfd602b15a3056497;hp=8fd6dd63b1d5f068afc72421346833f81dbcab20;hpb=82d72a1b9967cff4908f22c57536c3660f794401;p=u-boot diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 8fd6dd63b1..2b723a4b9c 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, }; static u8 hash_val[SHA256_BYTES]; + +#ifdef CONFIG_ESBC_HDR_LS +/* New Barker Code for LS ESBC Header */ +static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; +#else static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; +#endif void branch_to_self(void) __attribute__ ((noreturn)); @@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr) /* This function checks srk_table_flag in header and set/reset srk_flag.*/ static u32 check_srk(struct fsl_secboot_img_priv *img) { +#ifdef CONFIG_ESBC_HDR_LS + /* In LS, No SRK Flag as SRK is always present*/ + return 1; +#else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) return 1; return 0; +#endif } /* This function returns ospr's key_revoc values.*/ @@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) } #endif +#ifndef CONFIG_ESBC_HDR_LS static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; @@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) return 0; } +#endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) @@ -288,30 +301,20 @@ static inline u32 get_key_len(struct fsl_secboot_img_priv *img) */ static void fsl_secboot_header_verification_failure(void) { - struct ccsr_sec_mon_regs *sec_mon_regs = (void *) - (CONFIG_SYS_SEC_MON_ADDR); struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); - u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); /* 29th bit of OSPR is ITS */ u32 its = sfp_in32(&sfp_regs->ospr) >> 2; - /* - * Read the SEC_MON status register - * Read SSM_ST field - */ - sts = sec_mon_in32(&sec_mon_regs->hp_stat); - if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { - if (its == 1) - change_sec_mon_state(HPSR_SSM_ST_TRUST, - HPSR_SSM_ST_SOFT_FAIL); - else - change_sec_mon_state(HPSR_SSM_ST_TRUST, - HPSR_SSM_ST_NON_SECURE); - } + if (its == 1) + set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); + else + set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -323,29 +326,20 @@ static void fsl_secboot_header_verification_failure(void) */ static void fsl_secboot_image_verification_failure(void) { - struct ccsr_sec_mon_regs *sec_mon_regs = (void *) - (CONFIG_SYS_SEC_MON_ADDR); struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); - u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; - /* - * Read the SEC_MON status register - * Read SSM_ST field - */ - sts = sec_mon_in32(&sec_mon_regs->hp_stat); - if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { - if (its == 1) { - change_sec_mon_state(HPSR_SSM_ST_TRUST, - HPSR_SSM_ST_SOFT_FAIL); - - printf("Generating reset request\n"); - do_reset(NULL, 0, 0, NULL); - } else { - change_sec_mon_state(HPSR_SSM_ST_TRUST, - HPSR_SSM_ST_NON_SECURE); - } + if (its == 1) { + set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); + + printf("Generating reset request\n"); + do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + + } else { + set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); } } @@ -388,6 +382,7 @@ void fsl_secboot_handle_error(int error) case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: + case ERROR_KEY_TABLE_NOT_FOUND: #ifdef CONFIG_KEY_REVOCATION case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: @@ -536,15 +531,22 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) if (!key_hash && check_ie(img)) key_hash = 1; #endif - if (!key_hash) +#ifndef CONFIG_ESBC_HDR_LS +/* No single key support in LS ESBC header */ + if (!key_hash) { ret = algo->hash_update(algo, ctx, img->img_key, img->hdr.key_len, 0); + key_hash = 1; + } +#endif if (ret) return ret; + if (!key_hash) + return ERROR_KEY_TABLE_NOT_FOUND; /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, - (u8 *)img->img_addr, img->img_size, 1); + (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); if (ret) return ret; @@ -620,14 +622,11 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) */ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { - char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; u32 ret = 0; -#ifdef CONFIG_KEY_REVOCATION -#endif int key_found = 0; /* check barker code */ @@ -637,17 +636,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) /* If Image Address is not passed as argument to function, * then Address and Size must be read from the Header. */ - if (img->img_addr == 0) { + if (*(img->img_addr_ptr) == 0) { #ifdef CONFIG_ESBC_ADDR_64BIT - img->img_addr = hdr->pimg64; + *(img->img_addr_ptr) = hdr->pimg64; #else - img->img_addr = hdr->pimg; + *(img->img_addr_ptr) = hdr->pimg; #endif } - sprintf(buf, "%lx", img->img_addr); - setenv("img_addr", buf); - if (!hdr->img_size) return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; @@ -671,13 +667,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) key_found = 1; } #endif - +#ifndef CONFIG_ESBC_HDR_LS +/* Single Key Feature not available in LS ESBC Header */ if (key_found == 0) { ret = read_validate_single_key(img); if (ret != 0) return ret; key_found = 1; } +#endif + if (!key_found) + return ERROR_KEY_TABLE_NOT_FOUND; /* check signaure */ if (get_key_len(img) == 2 * hdr->sign_len) { @@ -691,10 +691,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) } memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); - +/* No SG support in LS-CH3 */ +#ifndef CONFIG_ESBC_HDR_LS /* No SG support */ if (hdr->sg_flag) return ERROR_ESBC_CLIENT_HEADER_SG; +#endif /* modulus most significant bit should be set */ k = (u8 *)&img->img_key; @@ -784,9 +786,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) return 0; } - +/* haddr - Address of the header of image to be validated. + * arg_hash_str - Option hash string. If provided, this + * overrides the key hash in the SFP fuses. + * img_addr_ptr - Optional pointer to address of image to be validated. + * If non zero addr, this overrides the addr of image in header, + * otherwise updated to image addr in header. + * Acts as both input and output of function. + * This pointer shouldn't be NULL. + */ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_addr) + uintptr_t *img_addr_ptr) { struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -839,7 +849,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, /* Update the information in Private Struct */ hdr = &img->hdr; img->ehdrloc = haddr; - img->img_addr = img_addr; + img->img_addr_ptr = img_addr_ptr; esbc = (u8 *)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));